English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.881579
Categoría:CentOS Local Security Checks
Título:CentOS Update for vino CESA-2013:0169 centos6
Resumen:The remote host is missing an update for the 'vino'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'vino'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.

It was found that Vino transmitted all clipboard activity on the system
running Vino to all clients connected to port 5900, even those who had not
authenticated. A remote attacker who is able to access port 5900 on a
system running Vino could use this flaw to read clipboard data without
authenticating. (CVE-2012-4429)

Two out-of-bounds memory read flaws were found in the way Vino processed
client framebuffer requests in certain encodings. An authenticated client
could use these flaws to send a specially-crafted request to Vino, causing
it to crash. (CVE-2011-0904, CVE-2011-0905)

In certain circumstances, the vino-preferences dialog box incorrectly
indicated that Vino was only accessible from the local network. This could
confuse a user into believing connections from external networks are not
allowed (even when they are allowed). With this update, vino-preferences no
longer displays connectivity and reachable information. (CVE-2011-1164)

There was no warning that Universal Plug and Play (UPnP) was used to open
ports on a user's network router when the 'Configure network automatically
to accept connections' option was enabled (it is disabled by default) in
the Vino preferences. This update changes the option's description to avoid
the risk of a UPnP router configuration change without the user's consent.
(CVE-2011-1165)

All Vino users should upgrade to this updated package, which contains
backported patches to resolve these issues. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.

Affected Software/OS:
vino on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0904
BugTraq ID: 47681
http://www.securityfocus.com/bid/47681
Debian Security Information: DSA-2238 (Google Search)
http://www.debian.org/security/2011/dsa-2238
http://www.mandriva.com/security/advisories?name=MDVSA-2011:087
RedHat Security Advisories: RHSA-2013:0169
http://rhn.redhat.com/errata/RHSA-2013-0169.html
http://secunia.com/advisories/44410
http://secunia.com/advisories/44463
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.ubuntu.com/usn/usn-1128-1/
http://www.vupen.com/english/advisories/2011/1144
XForce ISS Database: vino-input-dos(67243)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67243
Common Vulnerability Exposure (CVE) ID: CVE-2011-0905
XForce ISS Database: vino-framebuffer-dos(67244)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67244
Common Vulnerability Exposure (CVE) ID: CVE-2011-1164
RHSA-2013:0169
https://bugzilla.gnome.org/show_bug.cgi?id=596190
https://bugzilla.redhat.com/show_bug.cgi?id=553477
Common Vulnerability Exposure (CVE) ID: CVE-2011-1165
http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566
http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40
https://bugzilla.gnome.org/show_bug.cgi?id=594521
https://bugzilla.redhat.com/show_bug.cgi?id=678846
Common Vulnerability Exposure (CVE) ID: CVE-2012-4429
50527
http://secunia.com/advisories/50527
55548
http://www.securityfocus.com/bid/55548
USN-1701-1
http://www.ubuntu.com/usn/USN-1701-1
[oss-security] 20120913 CVE request: information leak in vino
http://www.openwall.com/lists/oss-security/2012/09/13/25
[oss-security] 20120913 Re: CVE request: information leak in vino
http://www.openwall.com/lists/oss-security/2012/09/14/1
vino-clipboard-info-disclosure(78602)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78602
CopyrightCopyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.